Hello Philippe,
> Is there a direct way to set the NSEC3PARAM?
No idea.
> Switch, the registry for .ch and .li domains is using/testing CDS
> records. Can I tell named, to create the CDS Records for me?
If your keys have appropriate timing metadata, then the CDS/CDNSKEY
records are published for your zones automatically:
See man dnssec-keygen
...
Timing options:
-P date/[+-]offset/none: set key publication date (default: now)
-P sync date/[+-]offset/none: set CDS and CDNSKEY publication date
-A date/[+-]offset/none: set key activation date (default: now)
-R date/[+-]offset/none: set key revocation date
-I date/[+-]offset/none: set key inactivation date
-D date/[+-]offset/none: set key deletion date
-D sync date/[+-]offset/none: set CDS and CDNSKEY deletion date
or man dnssec-settime
> And every time I create or activate new keys, I have to manually add the
> CDS records, right?
Not if your keys have the appropriate timing metadata.
Daniel
--
SWITCH
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
